> Should we write a rule for such a site (e.g. bundesrat.de) or should
> their implementation be regarded as broken?

Sites where Firefox can download the intermediate should be considered working, and we can write rules for them. We should aim to make the checker smart enough to not be flummoxed by those sites.

On 04/23/2015 02:44 AM, Jonas Witmer wrote:
> On 15.02.15 at 19:17, Jacob Hoffman-Andrews wrote:
>> Good point! I think we are also missing some of the most current
>> certificates from Firefox, which I plan to update:
>> https://support.google.com/dfp_sb/answer/2524536?hl=en. If we still
>> have issues after updating those, we may want to install the
>> transitive closure of those certificates, from the SSL Observatory.

FYI, I have since updated https-everywhere-checker to include the transitive closure of known CA certificates from the SSL Observatory as of last month or so. This improved the checker's accuracy a lot, but it still gets an occasional problem with missing certificates.

If anyone is interested in helping to improve the checker, I'd suggest running it in disable-broken-rules mode, then going through the results for false positives, and trying to find and fix the root cause of those false positives:

    python2.7 https-everywhere-checker/src/https_everywhere_checker/check_rules.py https-everywhere-checker/disable-broken-rulesets.checker.config

Note that you may have to trim the number of threads in the config depending on your available bandwidth / CPU speed.
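The missing-intermediate case discussed in this thread can be reproduced offline with openssl. The following is an added example, not part of the original messages and not code from https-everywhere-checker; the throwaway PKI, the file names and the function names `build_pki`, `verify_root_only`, `verify_with_closure` and `classify` are all constructed for illustration.

```shell
#!/bin/sh
# Constructed throwaway PKI (all names made up): root CA -> intermediate CA -> leaf.
build_pki() {
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/pki.cnf"
  openssl req -x509 -config "$d/pki.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Root CA" -keyout "$d/root.key" -out "$d/root.pem" -days 2 2>/dev/null
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions ca -out "$d/int.pem" -days 2 2>/dev/null
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -out "$d/leaf.pem" -days 2 2>/dev/null
}

# A checker that trusts only root CAs, validating a server that sent just its leaf.
verify_root_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# The same leaf, validated against a store that also holds known intermediates
# (the "transitive closure" approach described in the thread).
verify_with_closure() {
  cat "$1/root.pem" "$1/int.pem" > "$1/store.pem"
  openssl verify -CAfile "$1/store.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Triage of a checker failure: a chain that only validates once the intermediate
# is in the store is a likely false positive, not a broken site.
classify() {
  if verify_root_only "$1"; then echo "ok"
  elif verify_with_closure "$1"; then echo "missing-intermediate"
  else echo "broken"
  fi
}

demo_dir=$(mktemp -d)
build_pki "$demo_dir" && classify "$demo_dir"
rm -rf "$demo_dir"
```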
